
"No valid certificate" error when installing signed app

I am getting a "No Valid Certificate" error on my Nokia 6101 (S40 DP2) when trying to install an app signed by Verisign, and the install fails. I need to sign the app to access PIM functions, otherwise I get a SecurityException. I assume this means that it can't trace my cert back to the root cert. But there are a couple Verisign Class 3 root certs on the phone.

Four Verisign code signing certificates? Are you sure? In the phone click the Options tab on each certificate and check if code signing is activated.

Your MANIFEST implies you have a certificate chain because there are two MIDlet-Certificate fields. This means there is at least one intermediate certificate. Have you checked your root certificate?

I would say you bought the wrong certificate because it is not possible to install your own root certificates for Java code signing (normally – only the Nokia Series 60 Edition 2 and 3 allow this).

Re: "No valid certificate" error when installing signed app

Yes, there are 4 Verisign code signing certs on the 6101. They all have an 'X' by "App. Signing", which I assume is the same as code signing. I listed their names in my previous post.

Today I got my app to run in the OTA simulation in Sun WTK 2.3 which allows you to add and delete root certificates (Utilities -> Manage Certificates). I verified that the app would not load if the Verisign certificate was deleted (Class 3 Public Primary Certification Authority). Also, I got it to run in NDS using the Nokia Prototype SDKs 2, 3, and 4, using the "Real Life" option in the SDK preferences, which is supposed to simulate a real download/code authentication. Therefore, I think that the code signing is correct. However, it will not run using the Nokia_S40_DP20_SDK_6230i. It gives the same error "No valid certificate" as I get when I run it on the actual phone (6101). Therefore, I suspect some problem or incompatibility with the 6101 and 6230i.

If anyone knows of a way to add a root certificate to the 6230i emulator, or to view/edit the root certificates in the Nokia Prototype SDKs, please let me know. That would help with my investigation.

And if anyone was able to get their signed app to load on a S40 DP2 (or DP3) phone, please let me know the signer and the phone model.

In fact the error I'm getting can be reproduced in the NDS using just the jad file and the 6230i emulator (uncheck "Overrule default handset behavior" under preferences, no jar file necessary):

All you have to do is to compare fingerprints of your root certificate. If they do not match, then you have bought or got a certificate for a different certificate root chain. I cannot do that for you, because I have no Nokia 6101 and my only Series 40 Edition 2 device (a Nokia 6230) is in repair.

They do not match, you say – well then you have the answer. By the way I would not go for MIDlet-Permissions. Use MIDlet-Permissions-Opt instead. Solved a lot of issues here.

What do your JAD and MANIFEST look like? Did not understand that.
MANIFEST only:
– MIDlet-Permissions…
JAD only:
– MIDlet-Certificate…
– MIDlet-Jar-RSA-SHA1
Never ever duplicate them in both. This is a waste of bandwidth and wrong.

You should be able to add a root certificate, if you start the emulator and go to its browser. From there access your root certificate which will be installed into the certificate list. Go into the certificate list and activate it for code signing. I have tested this successfully with Nokia Series 40 Edition 3 SDK. I have not tested it with Nokia Series 40 Edition 2 SDK. I have not tested it with a real Nokia Series 40 Edition 3 phone. My tests with a real Nokia Series Edition 2 phone failed because the application code signing tick box stayed grey and cannot be activated.

Re: "No valid certificate" error when installing signed app

Thanks for your help with this.

I'm not sure I understand what you are saying about comparing the fingerprint of my root certificate. Compare it with what? There are 3 certificates in the chain, each of which has its own fingerprint:

This completes the certificate chain. Each certificate has its own fingerprint. The first one is on the phone, and the second two are given to me by Verisign. I may be wrong here, but I think what matters is the *name* on the certificate, not the fingerprint, when matching the links in the chain. So, the fingerprints are not supposed to match. Because the names match, this would be a valid chain.

I'm using the Manifest and jad file as created by the Sun WTK 2.3b and/or the Nokia Developer's Suite v3. Yes there is some duplicated info but I don't want to muck around with that. I'd rather have the tool create it for me. However, both certificates and the jar signature are all in the JAD file, not in the manifest.

I was unable to view the root certificate list in the Prototype_3_0_S40_128x160_MIDP_Emulator. The emulator runs only my application, and does not run any other programs. In fact, when I exit my app, it just starts it right back up again. I started up the emulator in the NDS. Is there another way to start up the emulator that allows you to use the browser? Or are we referring to 2 different emulators?

Yes, the name has to match but the fingerprints of the root on your computer must match the fingerprint on your phone. The question is, was your intermediate certificate created against the same root. Is the root on your computer the same root as on the phone. This is step one – coming out from your first post.

I used these SDKs – the 3rd Edition was tested by me with this. The Nokia 6255 Edition – which is very near to your model, lacks a browser. I guess you used the Prototype SDK. Even the Prototype SDKs should be startable from the Windows Start menu – it was this way in the past although I have not checked recently. I go for the individuals normally.

Have you tested the MIDlet without the JAD (=unsigned)? Does this install? Have you tried with opted permissions?
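The fingerprint comparison discussed above can be scripted; the following is an added example, not code from any post in this thread. It lists the `MIDlet-Certificate-<n>-<m>` entries of a JAD with their fingerprints, flags signing attributes that have ended up in the manifest, and compares a local root certificate with the fingerprint read off the phone. It assumes the phone displays a SHA-1 fingerprint; the suite name `PimDemo` and all certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re

# Constructed sample: the base64 payloads are placeholder bytes, not real certificates.
SAMPLE_JAD = "\n".join([
    "MIDlet-Name: PimDemo",
    "MIDlet-Jar-URL: PimDemo.jar",
    "MIDlet-Certificate-1-1: " + base64.b64encode(b"constructed signer cert").decode(),
    "MIDlet-Certificate-1-2: " + base64.b64encode(b"constructed intermediate cert").decode(),
    "MIDlet-Jar-RSA-SHA1: " + base64.b64encode(b"constructed signature").decode(),
])
SAMPLE_MANIFEST = "MIDlet-Name: PimDemo\nMIDlet-Permissions-Opt: javax.microedition.pim.ContactList.read\n"

def parse_attrs(text):
    """Parse 'Name: value' lines of a JAD or manifest into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def sha1_fingerprint(der):
    """SHA-1 over the certificate's DER bytes, as colon-separated upper-case hex."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fingerprint):
    """Drop separators and case so a value typed from the phone screen compares cleanly."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()

def jad_chain(jad_text, chain=1):
    """Return [(m, fingerprint)] for MIDlet-Certificate-<chain>-<m>, ordered by m."""
    pat = re.compile(r"^MIDlet-Certificate-%d-(\d+)$" % chain)
    hits = ((pat.match(n), v) for n, v in parse_attrs(jad_text).items())
    return sorted((int(m.group(1)), sha1_fingerprint(base64.b64decode(v))) for m, v in hits if m)

def misplaced_in_manifest(manifest_text):
    """Signing attributes (certificates, JAR signature) found in the manifest."""
    return sorted(n for n in parse_attrs(manifest_text)
                  if n.startswith("MIDlet-Certificate-") or n == "MIDlet-Jar-RSA-SHA1")

def same_root(local_root_der, fingerprint_on_phone):
    """True when the root on the computer is byte-identical to the one the phone lists."""
    return normalize(sha1_fingerprint(local_root_der)) == normalize(fingerprint_on_phone)
```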

Re: "No valid certificate" error when installing signed app

OK, I see. I imported the certificate into Internet Explorer (Tools -> Options -> Content -> Certificates), and it recognized the certificate chain, and linked back to the same certificate (with same fingerprint) as is on my phone. Therefore, I think the certification chain is correct.

I tried with permissions-opt, without a signature (installs fine), and still got a SecurityException when trying to access PIM. If signed, I still get "No valid certificate" when attempting to install.

I'm not sure what you mean by installing without a JAD, but the app installs fine without a signed JAD. It just gives the SecurityException.

I ordered a certificate from Thawte (they also have a code signing root cert on the 6101). They told me they have a 30 day return policy, and they are much cheaper than Verisign. So I thought it was worth a shot. Entrust does not sell code signing certificates.

Thanks for the link to the 3rd Edition SDK. I did not see this before. Yes, I was using the prototype.

Well I will post if I make any progress on this. I appreciate your help!

Re: "No valid certificate" error when installing signed app

Originally Posted by ashish@nokia.com

no valid certificate occur while downloading

Hi ashish! Welcome to Nokia Developer Discussion Boards!!

Are you a software Developer or an end user ? Please note this discussion board is only for mobile App development related issues. If you are a developer, please explain your issue, so that we can better support you.

Re: "No valid certificate" error when installing signed app

Hello all,

I have the same issue; I am getting the same error ("invalid certificate please contact service provider") on my Nokia E71 when I am trying to install an application signed by Verisign. I signed my JAD file by following http://www.codeproject.com/Articles/...-a-J2ME-Midlet.

Do we need to install the certificate onto the mobile? If yes, then how can we do that? Right now I am just transferring the JAD and JAR files to the device via USB.